Computing networks can include multiple network devices such as routers, switches, hubs, servers, desktop PCs, laptops, workstations, and peripheral devices, e.g., printers, facsimile devices, and scanners, networked together across a local area network (LAN) and/or wide area network (WAN).
One advantage realized by networks is the ability to share network resources among dispersed clients. For example, networks can include checking functionalities such as an intrusion system (IS), e.g., an intrusion prevention system (IPS) and/or an intrusion detection system (IDS), that serve to detect unwanted intrusions/activities on the computer network, as well as remediation servers that store operating system patches, virus definitions, etc. Unwanted network intrusions/activities may take the form of attacks by computer viruses and/or hackers, misconfigured devices, among others, attempting to access the network. To this end, an IS can identify different types of suspicious network traffic and network device usage that cannot be detected by a conventional firewall. This includes network attacks against vulnerable services, data-driven attacks on applications, host-based attacks such as privilege escalation, denial of service attacks, port scans, unauthorized logins and access to sensitive files, viruses, Trojan horses, and worms, among others.
Tunnels, e.g., a virtual private network (VPN), can be used for transporting data between sites or within sites, e.g., sites of a company. Tunnels can be used to transport data across a third-party network, across insecure parts of a network, or across networks of dissimilar types, e.g., internet protocol versions four and six (IPv4 and IPv6). Tunnels can also be used in conjunction with shared network resources. For example, a site could have many clients attached to many switches, all needing tunneling to one of many checking functionalities on the network. In this case, the number of tunnels required for a network could be large and dynamic.
In previous approaches, tunnels between devices were configured using a manual process, which required a network administrator to connect to each device for setting up, i.e., configuring, or taking down, i.e., removing, a tunnel from the device configuration. Tunnel configuration required a good deal of user intervention, was both expensive to implement and very complex to maintain, and did not scale well as the number of devices having tunnel entry or exit points increased.